d9dd1dcce0bdd6b59b3990ad1d9673625f1436b0cc7f91eb56f134c8079d714f

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 22:45

Target

b9da64ef2a624f4b5c4edb9a122d64dd.exe
Size

1010KB
MD5

b9da64ef2a624f4b5c4edb9a122d64dd
SHA1

660f80393eca46f8bac4a5152b61c76b4ec14a42
SHA256

d9dd1dcce0bdd6b59b3990ad1d9673625f1436b0cc7f91eb56f134c8079d714f
SHA512

d64edcf910bdfc6038b6e42050cd69ae8950e427f97a799d42a73a83db806eee1d03849559a86c16cce0329837e7f48560d90eca7f9d5b36928fe41f68f722dc
SSDEEP

12288:hUp+AerOWHS0gmcq7J2YuYTfm6hiYc5plDFwrilMiYTfm:ptOuS09OmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4696	b9da64ef2a624f4b5c4edb9a122d64dd.exe

Executes dropped EXE 1 IoCs

pid	Process
4696	b9da64ef2a624f4b5c4edb9a122d64dd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4072-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x00080000000231f5-12.dat	upx
behavioral2/memory/4696-14-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4072	b9da64ef2a624f4b5c4edb9a122d64dd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4072	b9da64ef2a624f4b5c4edb9a122d64dd.exe
4696	b9da64ef2a624f4b5c4edb9a122d64dd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 4696	4072	b9da64ef2a624f4b5c4edb9a122d64dd.exe	84
PID 4072 wrote to memory of 4696	4072	b9da64ef2a624f4b5c4edb9a122d64dd.exe	84
PID 4072 wrote to memory of 4696	4072	b9da64ef2a624f4b5c4edb9a122d64dd.exe	84

C:\Users\Admin\AppData\Local\Temp\b9da64ef2a624f4b5c4edb9a122d64dd.exe

Filesize
1010KB

MD5
fb79ec8266821f33dcb1586873f32db8

SHA1
22b2b6b7879818cbdc29029dfa8d4bffa5e080ec

SHA256
bc8cfb5dbe4e7fbe6db05f4bfb796ad4f4fa4aaafc9accd012cf3422e1ded020

SHA512
d69b7e43c2404603747f6fa844e4a8225ca6091238202c50ac75433095a63ace8c5aca511ac553921bfc36c024199f5d529ace2ca349e7ce08a2a7079535aacd

Download Submit
memory/4072-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4072-1-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/4072-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4072-13-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4696-14-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4696-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4696-16-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/4696-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4696-27-0x00000000015D0000-0x0000000001620000-memory.dmp

Filesize
320KB

Download
memory/4696-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download